Merge branch 'staging/nixpkgs-2023-05-18'

2023-05-19 20:07:21 +00:00 · 2023-05-19 20:07:21 +00:00 · 3aa1a9f674
commit 3aa1a9f674
parent 8a28e347f5 21d17c330f
9 changed files with 60 additions and 33 deletions
--- a/flake.lock
+++ b/flake.lock
@ -36,11 +36,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1678202930,
-        "narHash": "sha256-SF82/tTnagdazlETJLzXD9kjZ6lyk38agdLbmMx1UZE=",
+        "lastModified": 1684319086,
+        "narHash": "sha256-5wwlkWqP1cQUPXp/PJsi09FkgAule5yBghngRZZbUQg=",
        "owner": "edolstra",
        "repo": "nix-serve",
-        "rev": "3b6d30016d910a43e0e16f94170440a3e0b8fa8d",
+        "rev": "e6e3d09438e803daa5374ad8edf1271289348456",
        "type": "github"
      },
      "original": {
@ -82,11 +82,11 @@
    },
    "nixpkgs-unpatched": {
      "locked": {
-        "lastModified": 1684049129,
-        "narHash": "sha256-7WB9LpnPNAS8oI7hMoHeKLNhRX7k3CI9uWBRSfmOCCE=",
+        "lastModified": 1684385584,
+        "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0470f36b02ef01d4f43c641bbf07020bcab71bf1",
+        "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a",
        "type": "github"
      },
      "original": {
--- a/hosts/by-name/desko/default.nix
+++ b/hosts/by-name/desko/default.nix
@ -36,11 +36,9 @@
  services.snapper.configs.nix = {
    # TODO: for the impermanent setup, we'd prefer to just do /nix/persist,
    # but that also requires setting up the persist dir as a subvol
-    subvolume = "/nix";
+    SUBVOLUME = "/nix";
    # TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list`
-    extraConfig = ''
-      ALLOW_USERS = "colin";
-    '';
+    ALLOW_USERS = [ "colin" ];
  };

  programs.steam = {
--- a/hosts/by-name/lappy/default.nix
+++ b/hosts/by-name/lappy/default.nix
@ -29,7 +29,8 @@
  services.snapper.configs.nix = {
    # TODO: for the impermanent setup, we'd prefer to just do /nix/persist,
    # but that also requires setting up the persist dir as a subvol
-    subvolume = "/nix";
+    SUBVOLUME = "/nix";
+    ALLOW_USERS = [ "colin" ];
  };

  # TODO: only here for debugging
--- a/nixpatches/list.nix
+++ b/nixpatches/list.nix
@ -68,13 +68,6 @@ in [
    hash = "sha256-Z1HOps3w/WvxAiyUAHWszKqwS9EwA6rf4XfgPGp+2sQ=";
  })

-  (fetchpatch' {
-    # kiwix-tools: 3.4.0 -> 3.5.0
-    saneCommit = "146f2449a19101ee202aa578a2b1d7377779890b";
-    prUrl = "https://github.com/NixOS/nixpkgs/pull/232020";
-    hash = "sha256-Tqr8Ri8X2dDljDmWmjAQDRJGNenSFhrY/wr24h2JAh0=";
-  })
-
  (fetchpatch' {
    # nixos/lemmy: support nginx
    saneCommit = "4c86db6dcb78795ac9bb514d9c779fd591070b23";
--- a/pkgs/additional/sane-scripts/default.nix
+++ b/pkgs/additional/sane-scripts/default.nix
@ -27,7 +27,6 @@ let
          "bin"
          coreutils-full
          curl
-          duplicity
          file
          findutils
          git
@ -49,12 +48,10 @@ let
          sops
          sudo
          systemd
-          transmission
          util-linux
          which
        ];
        keep = {
-          "/run/secrets/duplicity_passphrase" = true;
          # we write here: keep it
          "/tmp/rmlint.sh" = true;
          # intentionally escapes (into user code)
@ -78,7 +75,6 @@ let

        # list of programs which *can* or *cannot* exec their arguments
        execer = with pkgs; [
-          "cannot:${duplicity}/bin/duplicity"
          "cannot:${git}/bin/git"
          "cannot:${gocryptfs}/bin/gocryptfs"
          "cannot:${ifuse}/bin/ifuse"
@ -90,7 +86,6 @@ let
          "cannot:${sops}/bin/sops"
          "cannot:${ssh-to-age}/bin/ssh-to-age"
          "cannot:${systemd}/bin/systemctl"
-          "cannot:${transmission}/bin/transmission-remote"
        ];
      };
    };
@ -108,14 +103,34 @@ let
  };

  py-scripts = {
-    # anything added to this attrset gets symlink-joined into into `sane-scripts`
+    # anything added to this attrset gets symlink-joined into `sane-scripts`
+    backup-ls = static-nix-shell.mkBash {
+      pname = "sane-backup-ls";
+      src = ./src;
+      pkgs = [ "duplicity" ];
+    };
+    backup-restore = static-nix-shell.mkBash {
+      pname = "sane-backup-restore";
+      src = ./src;
+      pkgs = [ "duplicity" ];
+    };
+    bt-add = static-nix-shell.mkBash {
+      pname = "sane-bt-add";
+      src = ./src;
+      pkgs = [ "transmission" ];
+    };
+    bt-rm = static-nix-shell.mkBash {
+      pname = "sane-bt-rm";
+      src = ./src;
+      pkgs = [ "transmission" ];
+    };
    bt-search = static-nix-shell.mkPython3Bin {
      pname = "sane-bt-search";
      src = ./src;
      pyPkgs = [ "natsort" "requests" ];
    };
-    bt-rm = static-nix-shell.mkBash {
-      pname = "sane-bt-rm";
+    bt-show = static-nix-shell.mkBash {
+      pname = "sane-bt-show";
      src = ./src;
      pkgs = [ "transmission" ];
    };
--- a/pkgs/additional/sane-scripts/src/sane-backup-ls
+++ b/pkgs/additional/sane-scripts/src/sane-backup-ls
@ -1,10 +1,11 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p duplicity

 # N.B. must be run as root

 set -ex

 # source the URL; hack to satisfy resholve
-external_cmd="source /run/secrets/duplicity_passphrase"
+external_cmd="source /run/secrets/duplicity_passphrase.env"
 $external_cmd
 duplicity list-current-files --archive-dir /var/lib/duplicity $DUPLICITY_URL
--- a/pkgs/additional/sane-scripts/src/sane-backup-restore
+++ b/pkgs/additional/sane-scripts/src/sane-backup-restore
@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p duplicity

 # N.B. must be run as root

@ -8,6 +9,6 @@ dest_path="$1"
 source_path="$2"

 # source the URL; hack to satisfy resholve
-external_cmd="source /run/secrets/duplicity_passphrase"
+external_cmd="source /run/secrets/duplicity_passphrase.env"
 $external_cmd
 duplicity restore --archive-dir /var/lib/duplicity --file-to-restore "$source_path" $DUPLICITY_URL "$dest_path"
--- a/pkgs/additional/sane-scripts/src/sane-bt-add
+++ b/pkgs/additional/sane-scripts/src/sane-bt-add
@ -1,11 +1,12 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p transmission

 set -e

 endpoint=https://bt.uninsane.org/transmission/rpc
 PASS=$(sudo cat /run/secrets/transmission_passwd)

-options=$(getopt -l prefix:,film,show:,book:,audiobook:,vn:,author: -- "" "${@}")
+options=$(getopt -l help,prefix:,film,show:,book:,audiobook:,vn:,author: -- "" "${@}")
 eval "set -- ${options}"

 type=
@ -14,6 +15,22 @@ author=
 prefix=
 while true; do
  case "$1" in
+    (--help)
+      echo "add a .torrent or magnet:// file to be downloaded by and stored on my server"
+      echo "usage: sane-bt-add [options] <magnet:// URI or path/to.torrent>"
+      echo "options:"
+      echo "  --prefix <PathString>"
+      echo "  --film"
+      echo "  --show <ShowTitle>"
+      echo "  --book <BookTitle>"
+      echo "  --audiobook <BookTitle>"
+      echo "  --vn <VisualNovelTitle>"
+      echo "  --author <Author>"
+      echo ""
+      echo "the above options are used to construct the filesystem path where the torrent data will live"
+      echo "everything is relative to the root media directory (not /)"
+      exit
+    ;;
    (--prefix)
      shift
      prefix="$1"
--- a/pkgs/additional/sane-scripts/src/sane-bt-show
+++ b/pkgs/additional/sane-scripts/src/sane-bt-show
@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p transmission

 endpoint=https://bt.uninsane.org/transmission/rpc
 PASS=$(sudo cat /run/secrets/transmission_passwd)